Posts that have the tag "mysql"
New Blog Update
I've been working on my new blog software for a few months now. I don't intend on adjusting the outward appearance of my blog in any appreciable way, so when I move from the old software to the new software, it should look the same. Rather, all of the changes I'm making are on the back end of things.
I've been working to objectify my PHP code. Right now, my blog spans over 20 disparate files. There are a few files that are common to them all (similar to classes), but they're mostly for the more complex features. The problem I've been having is reconciling similar functionality and standardizing my coding practices. For instance, I recently spotted a bug in my site redirect script. Were my program stored in a few central classes, I would only have to modify a few portions of the code. However, because everything was apart, I had to modify 15-20 different files correcting the bug. Of course, even with classes, I may have to modify a fair amount of items. For instance, adding, editing and deleting information has a similar procedure with a different query string. With 4 different information classes with an add, edit and delete method in each, that's 12 instances of the exact same code. Making a method for the redundant code makes the code more succinct AND makes it easier to modify down the line.
Currently, I have information classes: my blog entries, comments, image info and image folders. I also have a class for database use, a utilities class, a user authentication class and an HTML class. So far, I've written most of the database and information classes. I need to fine tune and correct any logic errors and try to synchronize common class types. I've also finished writing my utility classes, as they were taken from the old utilities I used before.
The authentication and HTML classes will take a fair amount of time, but most of the logic and styles for each have already been written. I'll just need to slice them up and edit them to function correctly in a modular fashion.
If I were to give a percentage of completion, I'd say that I'm somewhere around 60%. I've completed a lot of the logic grunt work and I have a little left. Afterward, it will be about testing the applications to ensure proper working order.
Posted on February 22, 2010 at 12:26 pm. 0 comments. Tags: website admin blog images programming php mysql database
MySQL objects
I was working on my blog objects organization paper this morning and I suddenly came to the realization that I was passing MySQL objects from the database class to the other classes in the program. I've been working rather hard to keep my classes as separate from each other as possible, so this came as a shock when I realized that I had been working completely counter to my goal.
So, I think I'll work on taking MySQL objects and transferring the data from the arrays that are returned and placing the data into a newly instantiated object. When I return a collection of items, I'll transfer them into an array of instantiated objects. Though, I need to ensure that the data maintains its integrity. I wouldn't worry about Java doing such a thing, but PHP doesn't seem nearly as reliable...
Posted on January 20, 2010 at 08:09 am. 0 comments. Tags: php mysql objects
authentication idea
I've been contemplating a new method of authentication. Right now, the authentication is a mass of spaghetti code and hashes of hashes of hashes. Despite the obfuscation of information, there are some worrying problems. Namely, information stored on the client side is static. A session ID changes from time to time, but this could potentially create a problem and may make it easy to deconstruct the authentication.
I've decided to simplify the authentication process and make it more difficult to deconstruct or spoof information. The SQL tables obviously hold hashes of passwords to protect the password information. I've also constructed the website to hash the password client-side so that when information is sent as plain text, no person can grab the password information, only the hash information.
My current idea is to create a table of 500-1000 entries. Each entry will contain a random number of 8 digits or longer. When a password and username are sent to the server, they are checked against the username and hash already stored in the SQL tables. When the username and password are authenticated the first time, a random key will be chosen from the table of random numbers. The random number from the random key will be used as a salt on the end of the password hash. A new hash will be created from this string.
Afterward, 3 cookies will be created on the client's computer.
A) The username
B) The random number key
C) The new hash
When the server attempts to authenticate, all 3 pieces of data will be sent to the server. The password hash of the username will be retrieved as well as the random number from the key. The random number will be salted on the end of the password hash and a new hash will be created. This hash will be compared to the hash stored in a cookie. If everything is correct, they should match. Otherwise, the random number has changed, or a spoof has been thwarted.
This, of course, doesn't solve the problem of the initial contact with the server as nothing is encrypted beyond a hash, but it makes sure that everything after the initial contact isn't in plain text or easily readable.
Posted on May 26, 2009 at 12:42 pm. 0 comments. Tags: hash sha1 website php mysql sql password username administration
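The cookie scheme described in the post above, sketched as an added example that is not the blog's own code. The function names, the in-memory arrays standing in for the SQL tables, the sample user, and the choice of SHA-1 (taken from the post's tags) are assumptions.

```php
<?php
// Constructed sample data: arrays stand in for the SQL tables.
$users = ['alice' => sha1('correct horse')];   // username => stored password hash

// Table of random numbers, 8 digits each (the post suggests 500-1000 entries).
$saltTable = [];
for ($i = 0; $i < 500; $i++) {
    $saltTable[$i] = random_int(10000000, 99999999);
}

// First login: check the submitted hash, then derive the three cookie values.
function issueCookies(array $users, array $saltTable, string $username, string $passwordHash): ?array
{
    if (!isset($users[$username]) || !hash_equals($users[$username], $passwordHash)) {
        return null;                            // unknown user or wrong password hash
    }
    $key = random_int(0, count($saltTable) - 1);
    return [
        'username' => $username,                                   // cookie A
        'key'      => (string) $key,                               // cookie B
        'hash'     => sha1($users[$username] . $saltTable[$key]),  // cookie C
    ];
}

// Later requests: rebuild the hash from server-side data and compare it
// with the cookie value in constant time.
function verifyCookies(array $users, array $saltTable, array $cookies): bool
{
    $username = $cookies['username'] ?? null;
    $hash     = $cookies['hash'] ?? null;
    // Cookies arrive as strings, so validate the key before using it as an index.
    $key = filter_var($cookies['key'] ?? null, FILTER_VALIDATE_INT);
    if (!is_string($username) || !is_string($hash) || $key === false) {
        return false;
    }
    if (!isset($users[$username], $saltTable[$key])) {
        return false;
    }
    return hash_equals(sha1($users[$username] . $saltTable[$key]), $hash);
}

$cookies = issueCookies($users, $saltTable, 'alice', sha1('correct horse'));
var_dump(verifyCookies($users, $saltTable, $cookies));    // cookie set as issued

// Changing the key cookie makes the server pick a different random number,
// so the recomputed hash no longer matches cookie C.
$tampered = $cookies;
$tampered['key'] = (string) (((int) $cookies['key'] + 1) % count($saltTable));
var_dump(verifyCookies($users, $saltTable, $tampered));
```

Because the cookie hash is computed only from the stored password hash and a table entry, it stays valid for as long as both remain unchanged, so expiry and revocation have to be enforced separately on the server.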
Site
This week, I'm going to make some updates to the site. Namely, I'm going to revamp the security of the login feature as well as adjust the login time from 1 hour to multiple hours. I'm also going to add a few features, such as a preview pane when adding a new post.
I'm also going to do a slight bit more research over at Flickr and finalize my SQL table structure for my image gallery.
